sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-02 09:47:23 +03:00
Code

smbdotconf: mark "force group" with substitution="1"

Browse Source 
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This commit is contained in:
Ralph Boehme 2019-10-31 17:56:56 +01:00 committed by Stefan Metzmacher
parent 79cff6295d
commit 2cf62e85e5
3 changed files with 10 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
docs-xml/smbdotconf/security/forcegroup.xml
View File

@ -1,6 +1,7 @@
<samba:parameter name="force group"
context="S"
type="string"
substitution="1"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<synonym>group</synonym>
<description>

8
source3/smbd/service.c
View File

@ -270,13 +270,15 @@ static NTSTATUS find_forced_group(bool force_user,
{
NTSTATUS result = NT_STATUS_NO_SUCH_GROUP;
TALLOC_CTX *frame = talloc_stackframe();
const struct loadparm_substitution *lp_sub =
loadparm_s3_global_substitution();
struct dom_sid group_sid;
enum lsa_SidType type;
char *groupname;
bool user_must_be_member = False;
gid_t gid;
groupname = lp_force_group(talloc_tos(), snum);
groupname = lp_force_group(talloc_tos(), lp_sub, snum);
if (groupname == NULL) {
DEBUG(1, ("talloc_strdup failed\n"));
result = NT_STATUS_NO_MEMORY;
@ -405,6 +407,8 @@ static NTSTATUS create_connection_session_info(struct smbd_server_connection *sc
NTSTATUS set_conn_force_user_group(connection_struct *conn, int snum)
{
const struct loadparm_substitution *lp_sub =
loadparm_s3_global_substitution();
NTSTATUS status;
if (*lp_force_user(talloc_tos(), snum)) {
@ -457,7 +461,7 @@ NTSTATUS set_conn_force_user_group(connection_struct *conn, int snum)
* any groupid stored for the connecting user.
*/
if (*lp_force_group(talloc_tos(), snum)) {
if (*lp_force_group(talloc_tos(), lp_sub, snum)) {
status = find_forced_group(
conn->force_user, snum, conn->session_info->unix_info->unix_name,

4
source3/smbd/uid.c
View File

@ -308,6 +308,8 @@ static bool change_to_user_impersonate(connection_struct *conn,
const struct auth_session_info *session_info,
uint64_t vuid)
{
const struct loadparm_substitution *lp_sub =
loadparm_s3_global_substitution();
int snum;
gid_t gid;
uid_t uid;
@ -350,7 +352,7 @@ static bool change_to_user_impersonate(connection_struct *conn,
* See if we should force group for this service. If so this overrides
* any group set in the force user code.
*/
force_group_name = lp_force_group(talloc_tos(), snum);
force_group_name = lp_force_group(talloc_tos(), lp_sub, snum);
group_c = *force_group_name;
if ((group_c != '\0') && (conn->force_group_gid == (gid_t)-1)) {